system_suspend: sysfs path resolution /sys/class/wakeup/wakeupN can point to an arbitrary path in sysfs. Add "search" permission for path resolution. Bug: 144095608 Test: m selinux_policy Change-Id: I033d15b4ca56656f144189f5c2b1b885f30155a3

commit: e3e77ed26451d078aa8d297d84f0480abf4e3a74 [log] [tgz]
author: Tri Vo <trong@google.com> Tue Nov 12 13:37:03 2019 -0800
committer: Tri Vo <trong@google.com> Tue Nov 12 13:47:26 2019 -0800
tree: c585c99a6c3f69f60c90e9622ef91065a85e7077
parent: ec2f903d9bcd38aa64644cd1183634a4d98958f9 [diff] [blame]
diff --git a/private/system_suspend.te b/private/system_suspend.te
index b600c66..d33dc8e 100644
--- a/private/system_suspend.te
+++ b/private/system_suspend.te

@@ -13,6 +13,8 @@
 # Access to wakeup and suspend stats.
 r_dir_file(system_suspend, sysfs_suspend_stats)
 r_dir_file(system_suspend, sysfs_wakeup)
+# To resolve arbitrary sysfs paths from /sys/class/wakeup/* symlinks.
+allow system_suspend sysfs_type:dir search;
 
 neverallow {
     domain
commit	e3e77ed26451d078aa8d297d84f0480abf4e3a74	[log] [tgz]
author	Tri Vo <trong@google.com>	Tue Nov 12 13:37:03 2019 -0800
committer	Tri Vo <trong@google.com>	Tue Nov 12 13:47:26 2019 -0800
tree	c585c99a6c3f69f60c90e9622ef91065a85e7077
parent	ec2f903d9bcd38aa64644cd1183634a4d98958f9 [diff] [blame]